Act now and download your Microsoft AZ-303 test today! Do not waste time for the worthless Microsoft AZ-303 tutorials. Download Up to date Microsoft Microsoft Azure Architect Technologies (beta) exam with real questions and answers and begin to learn Microsoft AZ-303 with a classic professional.

Also have AZ-303 free dumps questions for you:

NEW QUESTION 1

You have resources in three Azure regions. Each region contains two virtual machines. Each virtual machine has a public IP address assigned to its network interface and a locally installed application named App1.
You plan to implement Azure Front Door-based load balancing across all the virtual machines.
You need to ensure that App1 on the virtual machines will only accept traffic routed from Azure Front Door. What should you implement?

  • A. Azure Private Link
  • B. service endpoints
  • C. network security groups (NSGs) with service tags
  • D. network security groups (NSGs) with application security groups

Answer: C

Explanation:
Configure IP ACLing for your backends to accept traffic from Azure Front Door's backend IP address space and Azure's infrastructure services only. Refer the IP details below for ACLing your backend:
AZ-303 dumps exhibit Refer AzureFrontDoor.Backend section in Azure IP Ranges and Service Tags for Front Door's IPv4 backend IP address range or you can also use the service tag AzureFrontDoor.Backend in your network security groups.
Reference:
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq

NEW QUESTION 2

You have a virtual network named VNet1 as shown in the exhibit.
AZ-303 dumps exhibit
No devices are connected to VNet1.
You plan to peer VNet1 to another virtual network named Vnet2 in the same region. VNet2 has an address space of 10.2.0.0/16.
You need to create the peering. What should you do first?

  • A. Modify the address space of VNet1.
  • B. Configure a service endpoint on VNet2
  • C. Add a gateway subnet to VNet1.
  • D. Create a subnet on VNet1 and VNet2.

Answer: A

Explanation:
The virtual networks you peer must have non-overlapping IP address spaces. References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-and-cons

NEW QUESTION 3

You need to identify the storage requirements for Contoso.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: Yes
Contoso is moving the existing product blueprint files to Azure Blob storage.
Use unmanaged standard storage for the hard disks of the virtual machines. We use Page Blobs for these. Box 2: No
Box 3: No

NEW QUESTION 4

You need to recommend an identify solution that meets the technical requirements.
What should you recommend?

  • A. federated single-on (SSO) and Active Directory Federation Services (AD FS)
  • B. password hash synchronization and single sign-on (SSO)
  • C. cloud-only user accounts
  • D. Pass-through Authentication and single sign-on (SSO)

Answer: D

Explanation:
Active Directory Federation Services is a feature and web service in the Windows Server Operating System that allows sharing of identity information outside a company’s network.
Scenario: Technical Requirements include:
Prevent user passwords or hashes of passwords from being stored in Azure. References: https://www.sherweb.com/blog/active-directory-federation-services/

NEW QUESTION 5

You have an Azure subscription.
You plan to deploy an app that has a web front end and an application tier.
You need to recommend a load balancing solution that meets the following requirements:
AZ-303 dumps exhibit Internet to web tier:
- Provides URL-based routing
- Supports connection draining
- Prevents SQL injection attacks
AZ-303 dumps exhibit Web tier to application tier:
- Provides port forwarding
- Supports HTTPS health probes
- Supports an availability set as a backend pool
Which load balancing solution should you recommend for each tier? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: An Azure Application Gateway that has a web application firewall (WAF)
Azure Application Gateway offers a web application firewall (WAF) that provides centralized protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities. SQL injection and cross-site scripting are among the most common attacks.
Application Gateway operates as an application delivery controller (ADC). It offers Secure Sockets Layer (SSL) termination, cookie-based session affinity, round-robin load distribution, content-based routing, ability to host multiple websites, and security enhancements.
Box 2: An internal Azure Standard Load Balancer
The internet to web tier is the public interface, while the web tier to application tier should be internal. Note: When using load-balancing rules with Azure Load Balancer, you need to specify a health probes to
allow Load Balancer to detect the backend endpoint status.
Health probes support the TCP, HTTP, HTTPS protocols. References:
https://docs.microsoft.com/en-us/azure/application-gateway/waf-overview https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-custom-probe-overview

NEW QUESTION 6

Your network contains an on-premises Active Directory domain named contoso.com that contains a user named User1. The domain syncs to Azure Active Directory (Azure AD). You have the Windows 10 devices shown in the following table.
AZ-303 dumps exhibit
The User Sign-In settings are configured as shown in the following exhibit.
AZ-303 dumps exhibit
AZ-303 dumps exhibit
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
AZ-303 dumps exhibit

NEW QUESTION 7

The developers at your company request that you create databases in Azure Cosmos DB as shown in the following table.
AZ-303 dumps exhibit
You need to create the Azure Cosmos DB databases to meet the developer request. The solution must minimize costs.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. Create three Azure Cosmos DB accounts, one for the databases that use the Core (SQL) API, one for CosmosDB2, and one for CosmosDB4.
  • B. Create two Azure Cosmos DB accounts, one for CosmosDB2 and CosmosDB4 and one for CosmosDB1 and CosmosDB3.
  • C. Create one Azure Cosmos DB account for each database.
  • D. Create three Azure Cosmos DB accounts, one for the databases that use the MongoDB API, one for CosmosDB1, and one for CosmosDB3.

Answer: BD

Explanation:
Note:
Microsoft recommends using the same API for all access to the data in a given account.
One throughput provisioned container per subscription for SQL, Gremlin API, and Table accounts. Up to three throughput provisioned collections per subscription for MongoDB accounts.
The throughput provisioned on an Azure Cosmos container is exclusively reserved for that container. The container receives the provisioned throughput all the time.
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/set-throughput#set-throughput-on-a-container

NEW QUESTION 8

You have an Azure subscription that contains the resource groups shown in the following table.
AZ-303 dumps exhibit
You create an Azure Resource Manager template named Template1 as shown in the following exhibit.
AZ-303 dumps exhibit
From the Azure portal, you deploy Template1 four times by using the settings shown in the following table.
AZ-303 dumps exhibit
What is the result of the deployment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
AZ-303 dumps exhibit

NEW QUESTION 9

You have an Azure Kubernetes Service (AKS) cluster named Clus1 in a resource group named RG1. An administrator plans to manage Clus1 from an Azure AD-joined device.
You need to ensure that the administrator can deploy the YAML application manifest file for a container application.
You install the Azure CLI on the device. Which command should you run next?

  • A. kubectl get nodes
  • B. az aks install-cli
  • C. kubectl apply –f app1.yaml
  • D. az aks get-credentials --resource-group RG1 --name Clus1

Answer: C

Explanation:
kubectl apply –f appl.yaml applies a configuration change to a resource from a file or stdin. References:
https://kubernetes.io/docs/reference/kubectl/overview/ https://docs.microsoft.com/en-us/cli/azure/aks

NEW QUESTION 10

You need to implement a backup solution for App1 after the application is moved. What should you create first?

  • A. a recovery plan
  • B. an Azure Backup Server
  • C. a backup policy
  • D. a Recovery Services vault

Answer: D

Explanation:
A Recovery Services vault is a logical container that stores the backup data for each protected resource, such as Azure VMs. When the backup job for a protected resource runs, it creates a recovery point inside the Recovery Services vault.
Scenario:
There are three application tiers, each with five virtual machines. Move all the virtual machines for App1 to Azure.
Ensure that all the virtual machines for App1 are protected by backups.
References: https://docs.microsoft.com/en-us/azure/backup/quick-backup-vm-portal

NEW QUESTION 11

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available.
Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles. You need to ensure that the Admin1 can create access reviews in contoso.com.
Solution: You purchase an Azure Directory Premium P2 license for contoso.com. Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
Instead use Azure AD Privileged Identity Management.
Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key features of PIM include:
AZ-303 dumps exhibit Conduct access reviews to ensure users still need roles References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

NEW QUESTION 12

You have an Azure Resource Manager template for a virtual machine named Template1. Template1 has the following parameters section.
AZ-303 dumps exhibit
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: Yes
The Resource group is not specified.
Box 2: No
The default value for the operating system is Windows 2016 Datacenter.
Box 3: Yes
Location is no default value. References:
https://docs.microsoft.com/bs-latn-ba/azure/virtual-machines/windows/ps-template

NEW QUESTION 13

You have an Azure key vault named KV1.
You need to ensure that applications can use KV1 to provision certificates automatically from an external
certification authority (CA).
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. From KV1, create a certificate issuer resource.
  • B. Obtain the CA account credentials.
  • C. Obtain the root CA certificate.
  • D. From KV1, create a certificate signing request (CSR).
  • E. From KV1, create a private key,

Answer: CD

Explanation:
C: Obtain the root CA certificate (step 4 in the picture below)
D: From KV1, create a certificate signing request (CSR) (step 2 in the picture below) Note:
Creating a certificate with a CA not partnered with Key Vault
This method allows working with other CAs than Key Vault's partnered providers, meaning your organization can work with a CA of its choice.
AZ-303 dumps exhibit
The following step descriptions correspond to the green lettered steps in the preceding diagram.
AZ-303 dumps exhibit In the diagram above, your application is creating a certificate, which internally begins by creating a key in your key vault.
AZ-303 dumps exhibit Key Vault returns to your application a Certificate Signing Request (CSR).
AZ-303 dumps exhibit Your application passes the CSR to your chosen CA.
AZ-303 dumps exhibit Your chosen CA responds with an X509 Certificate.
AZ-303 dumps exhibit Your application completes the new certificate creation with a merger of the X509 Certificate from your CA.
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/certificates/certificate-scenarios

NEW QUESTION 14

A company runs multiple Windows virtual machines (VMs) in Azure.
The IT operations department wants to apply the same policies as they have for on-premises VMs to the VMs running in Azure, including domain administrator permissions and schema extensions.
You need to recommend a solution for the hybrid scenario that minimizes the amount of maintenance required. What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: Join the VMs to a new domain controller VM in Azure
Azure provides two solutions for implementing directory and identity services in Azure:
AZ-303 dumps exhibit (Used in this scenario) Extend your existing on-premises Active Directory infrastructure to Azure, by deploying a VM in Azure that runs AD DS as a Domain Controller. This architecture is more common when the on-premises network and the Azure virtual network (VNet) are connected by a VPN or ExpressRoute connection.
AZ-303 dumps exhibit Use Azure AD to create an Active Directory domain in the cloud and connect it to your on-premises Active Directory domain. Azure AD Connect integrates your on-premises directories with Azure AD.
Box 2: Set up VPN connectivity.
This architecture is more common when the on-premises network and the Azure virtual network (VNet) are connected by a VPN or ExpressRoute connection.
References:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/identity/

NEW QUESTION 15

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server 2019. Server1 is a container host. You are creating a Dockerfile to build a container image.
You need to add a file named File1.txt from Server1 to a folder named C:\Folder1 in the container image. Solution: You add the following line to the Dockerfile.
XCOPY File1.txt C:\Folder1\
You then build the container image. Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
Copy is the correct command to copy a file to the container image. Furthermore, the root directory is specified as '/' and not as 'C:/'.
References:
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#add-or-copy https://docs.docker.com/engine/reference/builder/

NEW QUESTION 16

You have an Azure subscription that contains 100 virtual machines.
You have a set of Pester tests in PowerShell that validate the virtual machine environment.
You need to run the tests whenever there is an operating system update on the virtual machines. The solution must minimize implementation time and recurring costs.
D18912E1457D5D1DDCBD40AB3BF70D5D
Which three resources should you use to implement the tests? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Azure Automation runbook
  • B. an alert rule
  • C. an Azure Monitor query
  • D. a virtual machine that has network access to the 100 virtual machines
  • E. an alert action group

Answer: ABE

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/automation/automation-create-alert-triggered-runbook https://techsnips.io/snips/how-to-create-and-test-azure-monitor-alerts/?page=13

NEW QUESTION 17
......

P.S. Easily pass AZ-303 Exam with 0 Q&As Dumpscollection.com Dumps & pdf Version, Welcome to Download the Newest Dumpscollection.com AZ-303 Dumps: https://www.dumpscollection.net/dumps/AZ-303/ (0 New Questions)